oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gsskrb5: Make krb5 mech use referrals

Browse Source 
Modify the gss krb5 mech to always use referrals unless the
KRB5_NCRO_NO_REFERRALS flag is set.

Change-Id: I7efd873ac922a43adafa2c492703b576847a885f
This commit is contained in:
Viktor Dukhovni
2015-03-11 18:27:34 -05:00
committed by Jeffrey Altman
parent 8a5d50a328
commit cfdf6d5cbe
7 changed files with 14 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/krb5/get_cred.c
View File

@@ -1131,7 +1131,8 @@ _krb5_get_cred_kdc_any(krb5_context context,
second_ticket,
out_creds);
if (ret == 0 || flags.b.canonicalize)
/* "Empty realm" -> only do referrals */
if (ret == 0 || strcmp(in_creds->server->realm, "") == 0)
return ret;
/* Try capaths */
@@ -1484,9 +1485,9 @@ next_rule:
if(options & KRB5_GC_CACHED)
goto next_rule;
if(rule_opts & KRB5_NCRO_USE_REFERRALS)
if (try_creds->server->name.name_type == KRB5_NT_SRV_HST)
flags.b.canonicalize = 1;
else if(rule_opts & KRB5_NCRO_NO_REFERRALS)
if (rule_opts & KRB5_NCRO_NO_REFERRALS)
flags.b.canonicalize = 0;
else
flags.b.canonicalize = (options & KRB5_GC_CANONICALIZE) ? 1 : 0;

4
lib/krb5/principal.c
View File

@@ -1415,10 +1415,6 @@ rule_parse_token(krb5_context context, krb5_name_canon_rule rule,
rule->options |= KRB5_NCRO_GC_ONLY;
} else if (strcmp(tok, "no_referrals") == 0) {
rule->options |= KRB5_NCRO_NO_REFERRALS;
rule->options &= ~KRB5_NCRO_USE_REFERRALS;
} else if (strcmp(tok, "use_referrals") == 0) {
rule->options |= KRB5_NCRO_USE_REFERRALS;
rule->options &= ~KRB5_NCRO_NO_REFERRALS;
/* Rule ancilliary data: */
} else if (strncmp(tok, "domain=", strlen("domain=")) == 0) {
free(rule->domain);